On Fri, Jan 15, 2021 at 02:18:09PM -0300, Jorge P. de Morais Neto wrote: > Em [2021-01-15 sex 18:07:40+0100], zimoun escreveu: > > > As far as I know, Guix provides the security support that upstream > > releases. > > I too suppose so in general. But I would like a more authoritative > answer for the specific case of Python2. And, in fact, this should be > publicly documented---in the manual or in the website, as well as the > description of the python2 package and maybe also in the description of > all python2-.* packages.
Because Python 2 is not supported upstream — at <https://python.org> — we do not offer any security support for it. If some other organization began supporting it, we might consider switching to that source. But for now, the plan is to remove Python 2 from Guix before very long. In general, Guix provides no security support for packages besides what upstream provides. There may be exceptions but they are exceptional. I don't agree that we should specifically document how much we support certain packages. For every package, the best we can offer is what the upstream developers provide. Guix is a distributor, and therefore we do not do software development of packages. Regarding offlineimap, if they do not port the software to Python 3, I recommend switching to mbsync, from the isync package.
signature.asc
Description: PGP signature